diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 8402d77..5e446aa 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -113,6 +113,11 @@ in { paths = ["/home/alarsyo"]; }; + scribe = { + enable = true; + port = 8087; + }; + tailscale = { enable = true; exitNode = true; diff --git a/services/default.nix b/services/default.nix index 44c7def..68f98de 100644 --- a/services/default.nix +++ b/services/default.nix @@ -20,6 +20,7 @@ ./postgresql-backup.nix ./postgresql.nix ./restic-backup.nix + ./scribe.nix ./tailscale.nix ./transmission.nix ]; diff --git a/services/scribe.nix b/services/scribe.nix new file mode 100644 index 0000000..09e5836 --- /dev/null +++ b/services/scribe.nix @@ -0,0 +1,71 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkEnableOption + mkIf + mkOption + ; + + cfg = config.my.services.scribe; + my = config.my; + + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; +in { + options.my.services.scribe = let + inherit (lib) types; + in { + enable = mkEnableOption "Scribe config"; + + home = mkOption { + type = types.str; + default = "/var/lib/scribe"; + example = "/var/lib/scribe"; + description = "Home for the scribe service, where data will be stored"; + }; + + port = mkOption { + type = types.port; + default = 2343; + example = 8080; + description = "Internal port for Scribe service"; + }; + }; + + config = mkIf cfg.enable { + users.users.scribe = { + isSystemUser = true; + home = cfg.home; + createHome = true; + group = "scribe"; + }; + users.groups.scribe = {}; + + services.nginx.virtualHosts = { + "scribe.${domain}" = { + forceSSL = true; + useACMEHost = fqdn; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyWebsockets = true; + }; + + extraConfig = '' + proxy_connect_timeout 600; + proxy_read_timeout 600; + proxy_send_timeout 600; + client_max_body_size 200m; + ''; + }; + }; + + security.acme.certs.${fqdn}.extraDomainNames = ["scribe.${domain}"]; + }; +}